Airline Security

Submitted by jbreland on Fri, 07/27/2007 - 13:45

I usually refrain from posting about such stuff on my site, mostly because I tend to work myself up into a rant and I just don't have the time and energy to deal with that these days, but this was a really good read. While responding to a question about a certain aspect of airline security, a pilot provided his thoughts on the industry as a whole. This is a very insightful point of view, and covers a lot of what's just plain wrong with the state of affairs today.

I highly encourage anyone interested in this sort of stuff (and if you ever have reason to fly on a plane, you should be interested) to read the full article. It only takes a few minutes.
http://hotair.com/archives/2007/07/16/a-pilot-on-airline-security/

(as found on Bruce Schneier's blog)

A Behind-the-Scenes Look at How DRM Becomes Law

Submitted by jbreland on Fri, 07/13/2007 - 09:42

This is just a quick post about an article I recently read. Cory Doctorow (of Boing Boing, among others) has written a pretty insightful article for Information Week on "...the back room dealing that allowed entertainment companies and electronics companies to craft public policy on digital rights management." It manages to be insightful, disturbing, and disgusting all at the same time, and is worth a read if you're interested in how DRM comes to be.

Here's a small excerpt from the article:

Then the MPAA dropped the other shoe: the sole criterion for inclusion on the list would be the approval of one of its member-companies, or a quorum of broadcasters. In other words, the Broadcast Flag wouldn't be an "objective standard," describing the technical means by which video would be locked away -- it would be purely subjective, up to the whim of the studios. You could have the best product in the world, and they wouldn't approve it if your business-development guys hadn't bought enough drinks for their business-development guys at a CES party.

You can read the full article here:
http://www.informationweek.com/news/showArticle.jhtml?articleID=201000854

or, you can find the much friendlier single-page version here:
http://informationweek.com/shared/printableArticle.jhtml?articleID=201000854

Which file types are actually executed during extraction by Universal Extractor?

Submitted by jbreland on Sun, 07/01/2007 - 14:49

JST posted a good question a while back in the Universal Extractor forum. He wanted to know if any executable files (such as installers) were actually run during the extraction process. For the vast majority of files, UniExtract will "rip" the contents out of the file using a extraction/decompression utility. For example, Inno Setup installers are handled by innounp, self-extracting Zip files are handled by 7-Zip or Info-ZIP, etc. However, there also cases where some files simply must be executed in order to extract the contents.

JST was concerned about this because he sometimes uses Universal Extractor to investigate malicious files. Obviously you want to be very careful when examining malicious files, so his concern was well justified. He asked for a list of file types that UniExtract will actually execute when extracting. It took me a while to get around to documented this, but I've finally done so. You can read the full list in this forum thread:

Are any files executed during extraction?

This is good information to know, especially if you ever work with suspicious files. I'm probably going to add this information to the main UniExtract page as well, and will look into possibly adding a warning message to UniExtract itself before executing any untrusted files.

Windows Vista Security Considerations for Developers

Submitted by jbreland on Fri, 06/22/2007 - 10:52

I'm sure that everyone reading this site is aware of the fact that Windows Vista has made some rather drastic changes to the underlying OS in the name of security. Some of these are good and overdue changes; some, however, are freakin' brain dead (you can see my last post for a very brief summary of my feelings about Vista from a user's perspective). Regardless of my personal feelings, the fact is Vista is here and it's install base is only going to grow as people purchase new PCs. Given that I maintain a few applications for Windows, I have to take Vista into consideration and make sure that my apps continue to play nicely on Microsoft's current and future operation systems.

Unfortunately, I'm rather late to this party. Until just recently I have had no direct exposure with Vista; I even managed to go through the entire alpha, beta, and release candidate stages of Vista without seeing a Vista system a single time. Needless to say, once it was released I began receiving notices that Universal Extractor has Vista compatibility issues. I'm sure AutoFLAC does as well, but I guess those users are a bit less demanding. :-) (I say that in jest, of course - the UniExtract community over on the MSFN forum has been fantastic!)

The good news is that I finally do have access to a Vista system. I can't stand using it (again, see my last post if you want to know how I really feel about it), but it can at least serve as a test box for UniExtract and AutoFLAC. The next couple revisions of each will focus on Vista compatibility, and in anticipation of this I've begun doing some research into the Vista changes that most affect applications and installers. I'm post some of the more useful links I've found both for my own reference and for anyone else that may benefit from this information.

New ACLs Improve Security in Windows Vista - detailed article about many of the changes to user and administrator privileges, file system and registry permissions, etc.; very informative, though highly technical

File and Registry Virtualization – the good, the bad, and the ugly - discussion about the compatibility features provided by Vista to allow older "non-compliant" applications to install and function properly

Vista considerations - small write-up on the Inno Setup Knowledge Base discussing Inno-specific considerations

Vista FAQ and INNO Vista and XP questions - two Inno Setup newsgroup discussion threads concerning Vista compatibility

I know there's a lot more information out there, and I'll probably update this post as I come across it, but this will get me started. Do you know of any other good resources? Please post a comment!

KDE Hidden Preferences

Submitted by jbreland on Tue, 05/15/2007 - 04:32

One thing I love about KDE is it's incredible breadth of configuration options. I really like to tweak my environment to best suite my needs, preferences, and habits. I know what works best for me, and prefer to have my desktop environment reflect those preferences.

Despite the vast number of preferences in the KDE Control Center, there are still quite a few options for which new GUI preference setting exists. The Hidden Configuration KDE Wiki page discusses some of these options, and is worth a read if you use KDE. In particular, I was looking for a way to disable the listing and expanding of archive files in Konqueror's sidebar. This "feature" was borrowed from Windows XP (Compressed Folders), where it always bugged the hell out of me. If I wanted view the contents of Zip files in Windows Explorer then I'd unzip the damn file.

Needless to say, I was rather dismayed and disappointed when I saw this "feature" appear in a KDE upgrade. There is no GUI preference available for disabling it, but after quite a bit of internet searching I found the above Hidden Configuration page, which discusses how to do it. It's a useful resource, and I wanted to make a note of it here both for the benefit of others as well as so I can easily find the page again next time I setup KDE. :-)

If you would like to disable this feature as well, first try entering this command (as documented in the Wiki): kwriteconfig --file konqsidebartng.rc --group General --key ShowArchivesAsFolders --type bool false. You'll need to restart Konqueror for the change to take effect. If that does not work (it didn't for me), do this instead:

  1. Edit ~/.kde/share/config/konqsidebartng.rc
  2. Search for the option titled ShowArchivesAsFolders
  3. If you ran the kwriteconfig command, you should find it under the [General] category. Delete that under [General] and instead add ShowArchivesAsFolders=false it to the top of the file
  4. If you do not already have that setting in the file, simply add it to the top of the file as described in the last step
  5. Save the file and restart konqueror

You should now be rid of those annoying archive folders. Enjoy.

Oh, and if you'd like to disable this feature in Windows XP as well, you can easily to so by running the following command: regsvr32.exe /u zipfldr.dll. If you choose to reenable it, you can do so simply by running regsvr32.exe zipfldr.dll.

Useful New Windows Apps

Submitted by jbreland on Sat, 05/05/2007 - 04:33

I came across a couple of very useful Windows apps tonight while doing some maintenance on my systems. The first is Core Mini-SFTP Server. This is a commercial/proprietary app, but it's available free of charge. As implied by the name, it's a stripped-down sFTP server for Windows. No installation or configuration is necessary; simply download and run the executable, specify the username, password, and root directory, then click Start. Any user can now connect via SFTP using the specified credentials. It's very convenient if you simply need quick and easy access to an sFTP server on Windows, but, of course, it does have limitations. It's strictly single user, must be run interactively (ie, it cannot be run as a service when the system starts), and only minimal sftp functionality is included (the sftp client under Linux works, for example, but scp does not). Additionally, it stores the specified password in plaintext within the registry. Keep this in mind when choosing a password, and be sure to delete the key after you're finished if it's a sensitive password (HKCU\Software\FTPWare\msftpsrvr\msftpsrvr).

Next up is a fine new FOSS app for Windows. Infra Recorder is a very slick CD burning application based on cdrecord. The interface is very nice and intuitive, functionally it can do just about anything you'd expect of a CD burning application, and so far it seems quite stable (considering it's a beta release). I'm quite pleased with it so far. The audio capabilities are somewhat limited (it can only handle WAV files directly, for example), but given that I use Exact Audio Copy for all of my audio CD needs it's not much of an issue for me. It'll make a great alternative to cdrtfe, my current burning app of choice under Windows.

Enjoy. :-)

Edit: I'm afraid I'm going to have to take back some of the praise for Infra Recorder. It doesn't seem to actually want to write the disc image that you tell it to burn. Instead, it just pretends to burn it for several minutes, letting you think it's being written to disc. I discovered this after thinking I had burned a freshly downloaded 700 MB Kubuntu ISO, only to find out after I had deleted ISO that it had not, in fact, been written to disc. So, I downloaded it again, checked and double-checked all settings (especially the "simulation" option, and attempted to burn it again, but it still failed. I then fired up cdrtfe and burned it without problem on the first attempt, confirming that the disc image was fine.

I'd recommend sticking with cdrtfe for important stuff for now.

Adding Custom Actions to KDE Context Menus (aka, servicemenus)

Submitted by jbreland on Fri, 04/20/2007 - 01:16

One thing I always liked about Windows (compared to Linux) is that it's very easy to add custom actions to the context (right-click) menu for any given file types. For example, I used this ability with Universal Extractor to add UniExtract... entries to the context menu of archive files, and I use it with Open with Arguments to add Open with arguments... to .exe and .bat files. I missed that ability for quite some time once I began using Linux as my primary OS. Something as simple as extracting Zip files, for example, would require jumping to the command line and entering an appropriate unzip command[1]. However, a while back I stumbled across a tutorial entitled, "Creating Konqueror Service Menus", and was very pleasantly surprised to discover that this allowed me to do exactly what I had wanted for so long.

I setup a few custom actions (called "servicemenus" in KDE) a while back on my home system and pretty much forgot about it since it "just worked", but since I'm now using a new desktop system at home I'm already missing these custom actions. So, I figured I'd document them here while setting them up again. Hopefully this information will help out other Linux users. Much more thorough instructions can be found in the article referenced above - my instructions should be treated as more of a reference.

To begin, you'll need to create a new .desktop file for the action you want to perform. For the purposes of this article, I'm going to add a context menu item that will extract RAR files to the current directory. So, we'll create a new file named ~/.kde/share/apps/konqueror/servicemenus/rar.desktop. The file name is arbitrary, but it must be saved in the specified location, and must end with the .desktop extension. Next open the file in your favorite editor and add the following:

rar.desktop
[Desktop Entry]
ServiceTypes=application/x-rar,application/x-rar-compressed
Actions=unrar

[Desktop Action unrar]
Name=Extract Here
Exec=launch.sh %d unrar x \"%f\"
Icon=package

This code is not very intuitive, so I'll explain each option

  • ServiceTypes - specifies the type of files with which the action should be associated. The easiest way to determine this information is to run Konqueror, click Settings, Configure Konqueror, and select the File Associations section. Enter the file extension you want to associate the action with (in this case, rar, and then add the listed file types to the Service Types entry. Repeat for each extension if you want to associate with multiple types
  • Actions - specifies the name of the stanza that defines the action. Multiple actions can be specified, but we'll only use one here. Just make sure that the name entered here matches the [Desktop Action xxx] defined below.
  • Name - the name of the context menu entry that will appear when right-clicking on the given type of files
  • Exec - the action to perform when selected; more details below. Please also see this page for a full discussion of this item, including a list of valid field codes.
  • Icon - the name of the icon to associate with the context menu entry (optional). This can point to a real file if you want to use a custom icon, but you have to specify the full path and filename. In this case, I'm telling it to use the package icon from the current icon set. The easiest way (that I know of) to view these "pre-defined" icons is to right-click on any K-menu entry, select Edit Item, and click on the icon button for that item, It'll bring up an icon browser. Find the icon you like best, note the name, then close the windows and add it to the Icon entry.

Now, let's discuss the Exec entry. Ordinarily you'd probably want to call the binary directly; eg., unrar x \"%f\". In this case, however, I want to get feedback on the current progress of the operation, as well as any errors that might have occured. Since unrar is a CLI application, running it from a GUI wouldn't provide any feedback. It would simply run in the background and then exit. To work around this, I created a "wrapper" script called launch.sh that will accept arguments passed by KDE and run the command in a standalone xterm terminal[2]. Using this method, clicking the the action in the context menu will spawn a new xterm window, which will then display the current status of the operation. It will also allow you to enter any additional information that may be necessary, such as answering an overwrite prompt or providing an archive password.

The code for the wrapper script is listed below. The only dependency is that xterm must be installed in an your $PATH.

launch.sh
#!/bin/bash

# enable support for spaces
IFS=$'\r\n'

# check for number of arguments
if [ "$2" = "" ]; then
    echo "Usage: $0 <dir> <command>"
    exit 1
fi

# set directory and command
DIR=$1
shift
COM=$@

# execute command in xterm
cd $DIR
xterm -e $COM
exit

That should do it. Save both of those files, make sure that launch.sh is copied to a location in your $PATH, then try right-clicking on a RAR file. Under the Actions submenu, you should now see an entry called Extract Here. Click it, and if all goes well the contents of the RAR file should be extracted to that directory.

For reference, here's a list of all KDE servicemenus that I have created:

  • audacious.desktop - Enqueue and begin playing all selected audio files in Audacious (originally written for XMMS, and still contains the commented code if desired)
  • iso.desktop - Mount an ISO CD-Rom image in a subdirectory of the current folder to allow file browsing and copying; press Enter when complete to unmount the ISO and remove the temporary directory. This service menu requires my mountiso.sh script.
  • par.desktop - Repair damaged RAR archives using associated PAR files
  • rar.desktop - Extract contents of RAR archives
  • tbz.desktop - Extract contents of bzipped tarballs
  • tgz.desktop - Extract contents of gzipped tarballs
  • vmdk.desktop - Mount a VMware disk image in a subdirectory of the current folder to allow file browsing and copying; press Ctrl-C when complete to unmount the disk image and remove the temporary directory. This service menu requires my mountvmdk.sh script. More details can be found in the How to Mount VMware Disk Images under Linux article.
  • xine.desktop - Enque and begin playing all selected video files in Xine
  • zip.desktop - Extract contents of ZIP archives
  • launch.sh - Wrapper script to display service menu output in an xterm window; most of my servicemenus require this script

[1] Yes, I know that I can install a GUI archiving utility such as Ark. However, that's not really relevant here for two reasons:

  1. I want to right-click and extract directly within Konqueror without first opening it in a separate utility
  2. File extraction is just an easy-to-visualize simple example - there are other cases where install a separate utility is not an option or just doesn't make any sense

[2] Yes, you could theoretically call xterm directly from the .desktop file rather than using a wrapper script, but I couldn't get it to work properly. I had issues with getting xterm and the associated command (in this case, unrar) to accept the correct path, as well as dealing with spaces in the filename. My wrapper script will handle anything that's thrown at it (so far, anyway...).

Lack of Updates

Submitted by jbreland on Thu, 04/19/2007 - 23:24

If it seems that I haven't spent much time working on my website recently, well, I haven't. :-) A whole lot has been keeping my busy for the last few weeks, including:

  • Accepting and preparing for a new job
  • Tying up loose ends at my old job before leaving
  • Purchasing/assembling/installing Gentoo on a new desktop system (which takes a while to work out all of the kinks)
  • Shopping/purchasing a new laptop since I lost my work-provided system

That's the highlights, but I've been dealing with some other stuff as well. I have some projects I'm trying to get done before I start my new job on Monday, and of course once I do begin my new job I'm sure it'll keep my busy for a while. So, to be honest I don't know when I'm going to be able to start posting regular updates again, but hopefully it won't be too far off.

One important task I'd like to finish up is putting out an update for Universal Extractor 1.5.1. I had mostly completed it about a month ago, but just haven't had time to fix a couple remaining issues and get the updated translation files. I'd like to start working on that again this weekend if I can finish my other projects in time, so keep an eye out for it in the next week or two.